What is the CVSS score of CVE-2025-68482?

CVE-2025-68482 has a CVSS 3.1 base score of 6.9 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Fortianalyzer are affected by CVE-2025-68482?

Organizations using Fortinet FortiAnalyzer 7.6.0 should be aware of notable risk from CVE-2025-68482 rated CVSS 6.9. Exploitation could compromise the security of affected deployments.

How to fix or mitigate CVE-2025-68482?

Within 30 days: Identify affected systems running Fortinet FortiAnalyzer 7.6.0 and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Fortianalyzer CVE-2025-68482

MEDIUM

Improper Certificate Validation (CWE-295)

2026-03-10 psirt@fortinet.com

Fortinet Fortianalyzer Fortimanager

6.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Mar 10, 2026 - 18:17 nvd

MEDIUM 6.9

DescriptionNVD

A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack.

AnalysisAI

Technical ContextAI

Classified as CWE-295 (Improper Certificate Validation). Affects Fortimanager. A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-68482 vulnerability details – vuln.today

Back